Cisco Systems 78-11741-02 Wireless Office Headset User Manual


 
Configuring IP Services
Filtering IP Packets Using Access Lists
IPC-98
Cisco IOS IP Configuration Guide
time-range command is described in the “Performing Basic System Management” chapter of the Cisco
IOS Configuration Fundamentals Configuration Guide. See the “Time Range Applied to an IP Access
List Example” section at the end of this chapter for a configuration example of IP time ranges.
Possible benefits of using time ranges include the following:
• The network administrator has more control over permitting or denying a user access to resources. These resources could be an application (identified by an IP address/mask pair and a port number), policy routing, or an on-demand link (identified as interesting traffic to the dialer).
• Network administrators can set time-based security policy, including the following:
  - Perimeter security using the Cisco IOS Firewall feature set or access lists
  - Data confidentiality with Cisco Encryption Technology or IP Security Protocol (IPSec)
• Policy-based routing (PBR) and queueing functions are enhanced.
• When provider access rates vary by time of day, it is possible to automatically reroute traffic cost effectively.
• Service providers can dynamically change a committed access rate (CAR) configuration to support the quality of service (QoS) service level agreements (SLAs) that are negotiated for certain times of day.
• Network administrators can control logging messages. Access list entries can log traffic at certain times of the day, but not constantly. Therefore, administrators can simply deny access without needing to analyze many logs generated during peak hours.
Including Comments About Entries in Access Lists
You can include comments (remarks) about entries in any named IP access list using the remark
access-list configuration command. The remarks make the access list easier for the network
administrator to understand and scan. Each remark line is limited to 100 characters.
The remark can go before or after a permit or deny statement. You should be consistent about where
you put the remark so it is clear which remark describes which permit or deny statement. For example,
it would be confusing to have some remarks before the associated permit or deny statements and some
remarks after the associated statements. The standard and extended access list task tables in the previous
sections “Creating Standard and Extended Access Lists Using Numbers” and “Creating Standard and
Extended Access Lists Using Names” include the remark command. See the “Commented IP Access
List Entry Examples” section at the end of this chapter for examples of commented IP access list entries.
Remember to apply the access list to an interface or terminal line after the access list is created. See the
following section “Applying Access Lists” for more information.
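The checks described above (the 100-character remark limit, time ranges referenced by access list entries, and the reminder to apply a list after creating it) can be run over a saved configuration. The following is an added example, not part of the Cisco guide: the function name audit_acls, the finding strings, and the sample configuration are constructed for illustration. It assumes named IP access lists and looks only for references made with ip access-group or access-class, not for the optional uses such as policy routing or dialer lists.

```python
import re

REMARK_LIMIT = 100  # per-line remark limit stated in the guide

# Constructed sample configuration, not taken from the guide.
SAMPLE_CONFIG = "\n".join([
    "time-range no-http",
    " periodic weekdays 8:00 to 18:00",
    "ip access-list extended strict",
    " remark Block web browsing during business hours",
    " deny tcp any any eq www time-range no-http",
    " permit ip any any",
    "ip access-list extended lab",
    " remark " + "x" * 101,
    " permit tcp any any eq telnet time-range after-hours",
    "interface Ethernet0",
    " ip access-group strict in",
])

def audit_acls(config):
    """Return sorted (acl_name, finding) pairs for a config given as text."""
    defined, applied, ranges, uses, findings = [], set(), set(), [], []
    current = None  # named ACL whose entries are being read
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):  # a top-level command closes any ACL block
            acl = re.match(r"ip access-list (?:standard|extended) (\S+)", text)
            current = acl.group(1) if acl else None
            if acl:
                defined.append(current)
            rng = re.match(r"time-range (\S+)", text)
            if rng:
                ranges.add(rng.group(1))
            continue
        ref = re.match(r"(?:ip access-group|access-class) (\S+) (?:in|out)", text)
        if ref:
            applied.add(ref.group(1))
        if current and text.startswith("remark "):
            if len(text[len("remark "):]) > REMARK_LIMIT:
                findings.append((current, "remark exceeds 100 characters"))
        use = re.search(r"\stime-range (\S+)", text)
        if current and use and not text.startswith("remark "):
            uses.append((current, use.group(1)))
    findings += [(a, "time-range %s not defined" % r) for a, r in uses if r not in ranges]
    findings += [(a, "never applied") for a in defined if a not in applied]
    return sorted(findings)

if __name__ == "__main__":
    for name, problem in audit_acls(SAMPLE_CONFIG):
        print(name + ": " + problem)
```

In the constructed sample, the list named strict passes all three checks, while the list named lab is reported for each of them.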
Applying Access Lists
After creating an access list, you must reference the access list to make it work. To use an access list,
perform the tasks described in the following sections. The tasks in the first section are required; the tasks
in the remaining sections are optional:
• Controlling Access to a Line or Interface (Required)
• Controlling Policy Routing and the Filtering of Routing Information (Optional)
• Controlling Dialer Functions (Optional)